International Law

Stewart Baker on Lawyers and Cyber

By Jack Goldsmith
Wednesday, October 5, 2011, 9:17 AM

Stewart Baker – former Assistant Secretary for Policy at DHS and former NSA General Counsel – has an essay in Foreign Policy arguing that government lawyers are interpreting laws governing offensive cyber weapons unduly restrictively and in the process are effectively preventing the USG from actively protecting our systems while our adversaries, not subject to such scruples, are busily taking advantage of our unilateral stand-down.

Across the federal government, lawyers are tying themselves in knots of legalese. Military lawyers are trying to articulate when a cyberattack can be classed as an armed attack that permits the use of force in response. State Department and National Security Council lawyers are implementing an international cyberwar strategy that relies on international law "norms" to restrict cyberwar. CIA lawyers are invoking the strict laws that govern covert action to prevent the Pentagon from launching cyberattacks.

Justice Department lawyers are apparently questioning whether the military violates the law of war if it does what every cybercriminal has learned to do -- cover its tracks by routing attacks through computers located in other countries. And the Air Force recently surrendered to its own lawyers, allowing them to order that all cyberweapons be reviewed for "legality under [the law of armed conflict], domestic law and international law" before cyberwar capabilities are even acquired.

The result is predictable, and depressing. Top Defense Department officials recently adopted a cyberwar strategy that simply omitted any plan for conducting offensive operations, even as Marine Gen. James Cartwright, then vice chairman of the Joint Chiefs of Staff, complained publicly that a strategy dominated by defense would fail: "If it's OK to attack me and I'm not going to do anything other than improve my defenses every time you attack me, it's very difficult to come up with a deterrent strategy."

Stewart thinks the effort to place legal restrictions on cyber, like the effort to place legal restrictions on air power in World War II, is doomed to fail.  Worth a read.